CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

This vulnerability describes improper neutralization of special elements, which could result in modification of the intended OS command that is sent to a downstream component.
An attacker can execute malicious commands on target operating system and access the environments to which they weren't allowed to read or modify.
The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-78

Multiple vulnerabilities in Peplink Smart Reader 2024-04-18
High Yes
OS Command Injection in Cisco Integrated Management Controller 2024-04-18
Low Yes
OS Command Injection in Cisco Integrated Management Controller 2024-04-18
Low Yes
Multiple vulnerabilities in Oracle Linux 2024-04-17
High Yes
OS Command Injection in Proscend Communications M330-W and M330-W5 2024-04-16
Medium Yes
OS command injection in less 2024-04-15
Medium Yes
Multiple vulnerabilities in BUFFALO wireless LAN routers 2024-04-15
Low Yes
Multiple vulnerabilities in IBM QRadar SIEM 2024-04-12
High Yes
Multiple vulnerabilities in PHP 2024-04-11
High Yes
OS command injection in Rust 2024-04-10
High Yes

References

Description of CWE-78 on Mitre website